package com.auth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

/**
 * @author 期待前进
 */
@Configuration
//@ConditionalOnBean(GlobalCorsProperties.class)
public class HttpCrossDomain {

    /**
     *   允许cookies跨域
     *   允许向该服务器提交请求的URI，*表示全部允许，在SpringMVC中，如果设成*，会自动转成当前请求头中的Origin
     *   预检请求的缓存时间（秒），即在这个时间段里，对于相同的跨域请求不会再预检了
     *   允许提交请求的方法，*表示全部允许
     *   允许访问的头信息,*表示全部
     * @return
     */
    @Bean
    public CorsFilter corsFilter() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        final CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("*");
        config.addAllowedHeader("x-requested-with,Accept, Content-Type,Referer,User-Agent, Authorization,Cookie,Set-Cookie,credential, X-XSRF-TOKEN,token,x-token,client");
        config.setMaxAge(3600L);
        config.addAllowedMethod("POST, GET, OPTIONS, DELETE, PUT, GET");
        source.registerCorsConfiguration("/**", config);
        return new CorsFilter(source);
    }
}
